+x+xI was actually thinking about this the other day. In my last job I had to do quite a bit of GDPR stuff as we held databases of customer's information etc. The angle I was thinking about was when your order comes to an end. I will be off the register in 3 years (my PPU said if all goes well and given how low level risk I am it could be next year but I'm not holding my breath on that). You'd have to manually get in touch with them to get them to remove your details as it is not longer pertinent. The problem that lies here is there is no way for them to fact-check this unless the person(s) that run it are privy to police documents in which case they could look it up however that'd be a huge breach of data protection and open them up to a whole world of issues. So, my point being - If you get in touch and say "hey, I'm off the register. Remove me from your site within xx days" they'd have to abide by that under the "Right to Erasure". They have no way to fact-check it so I'm tempted to just email them and ask them to remove me now saying I'm no longer subject to the notification requirements. The parts of the GDPR that are relevant:Individuals have the right to have their personal data erased if: - the personal data is no longer necessary for the purpose which you originally collected or processed it for;
- you are relying on consent as your lawful basis for holding the data, and the individual withdraws their consent;
- you are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;
- you are processing the personal data for direct marketing purposes and the individual objects to that processing;
- you have processed the personal data unlawfully (ie in breach of the lawfulness requirement of the 1st principle);
- you have to do it to comply with a legal obligation; or
- you have processed the personal data to offer information society services to a child.
The two I've highlighted are the main ones, although the 3rd one could be used to make sure it stays up.
It is an interesting one and given they're essentially a link aggregate site I'm not sure where they'd fall in the GDPR ruling for the requirements of needing a GDPR officer within their "organisation" who deals with these requests.
One of the issues of asking them to be removed though, given the general nature of the "clientele" that frequent these sort of sites is I can't help but feel they'd end up badmouthing you publicly for daring to ask to be removed; posting on Facebook and/or their website/social media etc.
"ATTENTION - CONVICTED OFFENDER JOHN DOE IS TRYING TO HIDE THEIR CONVICTION. PLEASE SPREAD THIS AROUND TO MAKE SURE THIS DOESN'T HAPPEN! THINK OF YOUR CHILDREN!"
I have zero doubt in my mind the UK Database and their affiliates would be all over it like that.
Then all the dust that may have settled gets swirled up again and you're back to where you started.
What about feeding them false reports etc? Use false names, false sightings, false images. This might reduce the quality / reliability of the information... Sorry, I don't quite follow. Can you give me an example? I'd be adverse to using a random image off the internet though as that would then essentially label that person as an offender in their eyes.
|